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SAF-E381-81 
2 June 1981 


MEMORANDUM FOR: All Recipients of the April 1981 SAFE Monthly 
Progress Report 


FROM : 
Director, Consolidated SAFE Project Office/ODP 


SUBJECT : Clarification of the Overview Section of the 
Above Monthly Report 


The April report overview infers only one cause for the 
schedule problems which the Audit team reviewed. The entire 
audit report is enclosed for your information. 


The audit was conducted in response to CSPO's criticism to 
TRW Division-level management of the results of systems PDR 
and related detailed technical reviews. 


While there are problems remaining in full detailed definition 
of conversion requirements and there are still a few facets of 
requirements under discussion, the report as stated leads to 
the erroneous impression that these are the major factors 
impeding progress. 


This topic will be covered thoroughly at the next Steering 
Commitee meeting and interim progress will be communicated 


as appropriate. Meanwhile we are participating with TRW 
in the planning for schedule recovery. 


Attachment: As stated 


cc: R. Evans/TRW 
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81. 35656.01-045 
18 May 1981 


STAT 


STAT Attention: = — = = — =F 


Subject: SAFE Audit 


STAT Dear Mrf__ 


The accompanying report summarizes the results and recommendations obtained 
from the SAFE Audit which was conducted on 23 April 1981. 


Sincerely, 2 


a 
sor * 
Cie balla — 
» Le, 
R. D. Williams 
Assistant General Manager for Projects 


Systems Engineering and Integration Division 
TRW Inc., Defense and Space Systems Group 


RDW: ER: sf 


Enclosure: As stated 


STAT cc: 
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SAFE AUDIT 
23 April 1981 


1.0 PURPOSE 


This report summarizes the results and recommendations 
obtained during a SAFE Audit conducted on 23 April 1981. The 
purpose of this audit was to: 


r Review the current status of the SAFE Block 1 schedule 


e Address specific CSPO concerns’ which surfaced at 
DDRi/IDR2 


The motivation for the audit stemmed from design reviews (DDR1 
and IDR2) conducted approximately 1 month earlier where the CSPO 
raised concerns about problems and risks associated with the 
current Block 1 schedule. 


This report also provides the Audit Team's assessment of 
some other CSPOQ concerns which were communicated to SEID top 
management subsequent to the design reviews. Finally, it 
provides TRW's most recent planning to implement a _ FAILSAFE 
Implementation Plan which incorporates an Increment ee 
capability as a part of Block 1. The impetus for this final item 
came from the recommendations of the Audit Team which are 
provided in more detail later in the report. 


2.0 SUMMARY 


An Audit Team was established by SEID management to address 
the CSPO concerns. During a one-day review and subsequent 
meetings and discussions, the Audit Team gained insight in two 
general areas: Block 1 schedule problems/risks and other C5PO 
concerns provided to SEID top management shortly after the 
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DORI/IDR2. The consensus of the Audit Team was that the current 
SAFE Block 1 schedule is high-risk showing at least 3 to 6 months 
negative slack if nothing is done now to correct problem areas. 
In addition, the Audit Team generally agreed with other specific 
CSPO concerns, such as work slippage and deemphasization of 


documentation. 


Throughout the audit process, the team members” were 
particularly pleased and encouraged to see that several decisive 
. actions had already been taken to address the problem areas. 
Convinced that this was a step in the right direction, the Audit 
Team further provided some recommendations geared at reducing, if 
not eliminating, any negative slack so as to maintain the Block 1 


schedule. These recommendations included: 


0) Establishment of a FAILSAFE Implementation Plan for 
Block 1 which would provide the capability for all 
operational threads prior to _ the currently scheduled 
Increment 3. This earlier milestone would be referred 
to as Increment 2.5 


fc) Closure of remaining Block 1 requirements issues by 15 
June 


) Increased emphasis on performance of pre-integration of 
hardware (COMM and ADPE) with early software increments 


o Alteration of the design review cycle so that 
documentation/CDRL's are delivered prior to reviews 
(approximately 30 days) 


) Accelerate Process Design Document and performance 
budget allocations 


3.0 OISCUSSION 


Based on the objectives delineated above, a team was formed 
to perform an in-depth review. The Audit Team was established by 
the Systems Engineering and Integration Division (SEID) with R. 
D. Williams, Assistant General Manager of SEID, as_ its 
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chairman. Additional members of the Audit Team are contained in 
Table 1. The Audit Team members were chosen so as to provide: 
TRW project management experience, SAFE project knowledge and 
direct interface with the SAFE-related skill centers. 


To insure that the audit would most productively address the 
appropriate issues, an agenda (see Table 2) was jointly developed 
by the SAFE Block 1 Team (L. L. McLaughlin) and the Audit Team 
(D. H. Barakat). Once the agenda was approved by SEID top 
management, the audit was scheduled for and conducted on 23 April 
1981. 


3.1 Audit Day 


Throughout the day, the Block 1 Team presented both concise 
and informative briefings addressing the various topics on the 
agenda. It was clear from the presentations and the two-way 
interaction that project personnel were highly motivated to 
succeed. They exhibited a high-level of commitment and displayed 
an unusually high esprit de corps. The Audit Team asked many 
questions and dug deep for data, particularly in the areas of 
schedules, development methodology, system performance, 
productivity and requirements issues. The Audit Team was 
impressed with the level of insight project personnel displayed 
and felt that, as a whole, they had received a very honest “data 
dump". 


The agenda had been designed to allow some time late in the 
day for the Audit Team to discuss and provide their initial 
impressions back to the Block 1 Team. These impressions 
generally fell -into two categories: schedule problems/risks and 
assessment of specific CSPO concerns provided to SEID top 
management. The following sections provide’ Audit Team 
results/conclusions/recommendations developed the day of the 
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Table 1, SAFE Audit Team Members 


R, D, WILLIAMS, CHAIRMAN 


D. H. BARAKAT, ASSISTANT CHAIRMAN 
MANAGER, DATA SYSTEMS SOFTWARE LABORATORY (DSSL) 


J. R. DISTASO, | 
MANAGER, SOFTWARE SYSTEMS ENGINEERING LABORATORY (SSEL) 


G. C. WRIGHT, 
MANAGER, OPERATING SYSTEMS AND SUPPORT SOFTWARE 
DEPARTMENT (OSSSD) ‘ 


F. J. EMMA, 
MANAGER, SOFTWARE TECHNOLOGY DEPARTMENT (STD) 


D. R. STAFFORD, 
MANAGER, PROCESS DESIGN AND INTEGRATION DEPARTMENT (PDID) 


R. T. WITTON, 
MANAGER, GUIDANCE SOFTWARE DEVELOPMENT DEPARTMENT (GSOD) 
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TABLE 2, Agenda for SAFE Audit - April 23, 1981 - 8:30-5:30 


TIME 
8:30 - 8:40 
8:40 - 9:40 
9:40 - 10:30 
10:30 - 12:00 
12:00 - 1:00 
1:00 - 3:30 
3:30 - 4:30 
4:30 - 5:15 
5:15 - 5:30 


SUBJECT PRESENTER 
INTRODUCTION L. Le McLaughlin/ 
D. H. Barakat 
PROJECT PLAN L. L. McLaughlin 
- Present Block 1 Master Schedule 
and Activity Network 
- Discuss Schedule Status 
- Describe Magnitude of Development 
- Identify Critical Path Items 
- Identify Schedule Risks 
DOR1I/IDR2 OVERVIEW L. L. McLaughlin 
- Summarize TRW Presentations 
- Summarize Briefing to CSPO 
- Present CSPO Post-Review Comments 
DDR1/IDR2 CLOSEOUT ACTIVITIES L. L. McLaughlin 
~ Discuss Other Issues Identified 
by Project 
- Describe Team Approach to Resolve 
CSPO + Project Concerns 
- Present Team Plans: 
Architecture M. L. Squires 
Threads J. A. Brown 
Development H. M. Krich 
Documentation P. W. Rosenberger 
Test Bed J. S. Daunis 
Support S/W P. R. Skinner 
User Interface D. E. Schaefer 
LUNCH SERVED -- OPEN FORUM 
DISCUSSIONS OF SELECTED ELEMENTS 
- Block 1 Engineering H. M. Krich 
- System Services Software J. S. Daunis 
- Applications Software J. A. Brown 
- Product Assurance F. S. Ingrassia 
- Others as required. 
AUDIT TEAM CAUCUS N/A 
AUDIT TEAM FEED-BACK D. H. Barakat, et al 
FINAL OBSERVATIONS R. D. Williams 
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Audit as well as in subsequent discussions preparatory to the 
briefing to CSPO management on 1 May 1981. 


3.2 Results/Conclusions 


The concensus of the Audit Team was the the current SAFE 
Block 1 schedule is high-risk pshowindTat:-least=3to 6” months. 


~tnegative slack’ This was evident after reviewing the SAFE master 
schedule for Block 1, the associated activity network and a 
critical-path analysis. (These are provided as Figures 1, 2, and 
3 respectively, in Attachment A.) In addition, the presentation 
of the individual subproject and team plans (shown in Table 2) 
provided even further insight to support this consensus. 


The Audit Team felt that there were several major functions 
causing the Block 1 schedule to be viewed as high-risk. They 


included, but were not limited to: 


a) Size and growth of the software 


Current sizing estimates put SAFE Block 1 at 425K source 
instructions to be integrated including Burroughs 
software; 125K source instructions of that total 
represented new software to be developed which has grown 
approximately 25% since SDR. The current size of the 
software is very large and its design, development, and — 
implementation on the current schedule is high-risk. 
This is due to not only the absolute calendar time, but 
also the high degree of schedule parallelism of the 3 
increments. The schedule risk is further compounded by 
the fact that experience indicates the new software 
could be expected to:grow by as much as 20%. 


b) Deferment of capabilit and complexit into later 
increments 


Compounding the software growth issue is the fact that 
at present 40% of the Block 1 software is now scheduled 
to be developed during Increment 3 as opposed to the 
original estimate of 25%. Due to the previously 
described software growth, this now’ represents a 
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doubling in the number of instructions for Increment 3 
(50.2K vs. 26.1K). Due to a number of reasons, not the 
least of which is requirements ambiguit implementation 
of complex functions is also being deferred to Increment 
3 so that the earlier increments can proceed. 


c) Extremely high productivity rates 


Software growth and deferment of capability until later 
increments have created a situation whereby extremely 
high productivity rates (instructions 
developed/manmonth) would be required to complete Block 
1 on schedule. This is particularly so for Increment 3 
in the Applications, EMP, and SCM software areas. 


d) Lack of requirements closure 


The resolution of new, late or ambiguous requirements 
further aggravates the schedule risk. This is 
particularly true in the areas of the ODP I/F, User and 
Operator I/F, and the SAFE C conversion. ~~ a ian 


e) Impact of late communications capabilities 


The current schedule for the COMM (WBC and _ ICC) 
precludes full test bed utilization which was a key 
element in the initial implementation plan. The test 
bed utilization was designed to facilitate schedule 
parallelism and reduce risk early-on in the development 
cycle. 


With respect to the specific CSPO concerns presented to SEID 
top management, the Audit Team directly addressed five key 
items. The concerns, Audit Team impression of the concerns, and 
ideas/comments. are presented in Table 3. In general, the Audit 
Team was supportive of the CSPO concerns which can be seen from 
Table 3.. It did, however, feel that two items, “Erosion of 
Design Review Process" and "SCM Maturity", have been typical 
concerns at this stage in maturity on previously successful TRW 
projects. 
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Concern 


Slippage of Work 


Late Documentation 


Erosion of Design 
Review: Process 


System Performance 
and Architecture 
Design 


SCM Maturity 
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Table 3. Selected CSPO Concerns 


Audit Team Impression 
CSPO is right 


Bow-waving complexity; current 
projected growth is a worry. 


IDD may be at too high level. 


CSPO is right 
Appears to have gotten little 
attention. 


Not significantly different 
from other projects. 


Toggling on level of detail. 


Architecture, system design and 
modularity employ sound 
techniques 


Performance analysis, measurement, 
budget allocation, benchmarking, 
etc - real issue. 


Correct to emphasize EXCES 
design first. 


Long enough delay -- allocate 
resources and attention to SCM. 


Comments/Ideas 
Utilize FAILSAFE development approach. 


External dependencies are critical -- 
extremely late H/W & S/W hook-ups. 


Do honest self-assessment. 


Implement Documentation team recommendations. 


Brief CSP0 
Need plan to avoid next time. 


Rephase documentation/CDRL process to 
provide prior (30 days) to reviews. © 


Prioritize Process Design Document; draft 
due 15 May. 


Thread team schedule too late © 


Do quick and dirty approach -- within a week. 


Update in 3 weeks. 


( 


Continue update process using Thread team plan. 


Do sizing and productivity analysis. 


Utilize related project experience. 


Get going!: 
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What's Currently Being Done 


During the course of the Audit and subsequent discussions, 
the Audit Team was particularly pleased and encouraged to see 
that several decisive steps had already been taken to address 
both the schedule problems/risks and other CSPO concerns. First, 
"tiger teams" had been established and were in operation to 
address open issues from DDR1/IDR2. Accordingly, team plans had 
been impressively presented during the Audit (see Table 2). To 
minimize the schedule impact of late external deliveries (to the 
subsystems area), plans had been developed to provide and utilize 
an interim ICC capability. In addition, a detailed 
implementation plan had been developed to permit full scale 
software development without the availability of the total 
computer network. Finally, to minimize risk and implement 
partial test bed capability, extensive software prototyping was 
being utilized. Although this was occurring on several fronts, 
the most critical were in the System Services and GRS areas where 
prototype software had already been incorporated into the unit 
test bed. 


The Audit Team was impressed with these actions and felt 
that they could go a tlong way towards addressing DDR1/IDR2 
issues. However, there was still substantial risk remaining in 
the SAFE Block 1 schedule and it was also not entirely clear that 
all of the CSPO concerns had been fully addressed. Therefore, to 
further reduce/eliminate the negative schedule slack, the Audit 
Team provided the following recommendations to SEID~ top 
management, the SAFE Project Office and, ultimately, CSPO 
management. 
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3.3 Recommendations 


The Audit Team recommended that the SAFE Project set 
priorities and allocate appropriate resources to hold the Block 1 
schedule. To do this, it further recommended that the Project 
develop a FAILSAFE Implementation Plan with the following 
elements: 


a) Pull back certain prioritized Increment 3 capabilities 
into an earlier increment. PS 


This new increment would be called Increment 2.5 and 
would implement all operational threads. In particular, 
Increment 2.5 would pull into earlier development some 
of the higher risk software elements currently planned 
for development in Increment 3. These elements would be 
chosen so that all threads could be executed start-to- 
finish, even though full functional capability might not 
be provided until Increment 3. To even further reduce 
development risk, appropriate prototyping activities 
would be initiated immediately. 


A key element of this implementation plan was that 
Increment 2.5 would provide enough capability to support 
user and operator training, initiate transition to a 
"live" operational data base, and provide a minimal 
operational capability to be used at -site, if so 
desired, by CSPO. 


Increment 3 would then provide the remaining 
capabilities for Block 1. Thus, there would be no 
erosion of capabilities for Block l. 


b) Close remaining Block 1 requirements issues by 15 June. 


Successful implementation of the FAILSAFE approach 
required that any open requirements issues be closed 
very quickly. The Audit Team had been appraised of 
these areas during the Audit and the Block 1 Team 
pointed out that their closure was critical to a 
successful Block 1. The most critical areas were the 
ODP I/F, User and Operator I/F, and SAFE C Conversion. 
If open issues could not be resolved by 15 June, the 
Audit Team recommended that the Block 1 Team make the 
best technical judgement possible to tie down the 
requirement and proceed with the design. 
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Perform pre-integration of hardware (COMM + ADPE) with 
early software increments. 


Given that the WBC and ICC developments are behind 
schedule, full hardware/software integration is not 
possible until later in the schedule. To minimize risk 
an aproach was recommended whereby pre-integration of 
available hardware would be conducted with early 
software increments. The Audit Team observed that the 
Block 1 Team had already been developing such a plan and 
strongly encouraged its implementation. 


Alter the review cycle so that documentation/CDRL's are 
delivered prior to reviews (approximately 30 days). 


The Audit Team observed that a more effective review 
process (for both CSPO and TRW) would occur if 
documentation/CDRL's in support of reviews would be 
delivered prior to the review. Utilizing this approach, 
which has been quite successful in other programs, would 
enable questions, issues, concerns, etc., to be surfaced 
prior to the review itself. With such a dialogue 
established both the CSPO and TRW could more effectively 
use the design reviews to work issues rather than review 
documents and attend lengthy tutorial briefings. 


Perform the following activities to further reduce Block 


1 schedule risk. 


1. Quickly generate a Process Design Document which 
would provide a_e system design overview, define 
configurations, examine and allocate performance 
budgets, etc. A first draft of that document would 
be due in May. 


2. Establish peformance budgets and allocate them to 
appropriate subsystems. Since the development cycle 
is quite far along the Audit Team strongly 
recommended a very quick establishment of 
preliminary budgets. The first set should be 
developed within a month, with monthly updates to be 
provided by the already established and chartered 
Thread Team. 


3. Implement Documentation Team recommendations to get 
the document production cycle back on course. 
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4. Enlarge and accelerate training activities at both 
the technical and first line managerial level. This 
would involve SAFE-specific courses in_ project 
management, development methodology and 
standards/practices: These courses already exist 
but need to be tailored to the SAFE Project needs; 
instructors would be provided out of the Software 
Systems Operation within SEID. 


The Audit Team generally concurred with the 
observations/concerns surfaced by CSPO during and after the 
design reviews. It should come as no surprise that the SAFE 
Block 1 Team was aware of and already working some of these same 
issues. The Audit Team felt that the aforementioned FAILSAFE 
Implementation Plan* would address many of the issues surfaced. 
In addition, it was the best near term plan to hold schedule by 
forcing early focus on the system capabilities (threads) needed 
to minimize Block 1 schedule risk. Finally, this approach was 
clearly the best way to minimize cost growth in the program which 
is and needs to continue to be a vital concern. 


* The Audit Team set 15 May as a goal for development of the 
FAILSAFE Implementation Plan. It is contained as Attachment B of 
this memo. 


Approved For Release 2003/12/18 : CIA-RDP84-00933R000500090008-2 


Approved For Release 2003/12/18 : ci_RDP84-00933R000500090008-2 


PROJECT SCHEDULE FOR BLOCK 1 
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